1. Field of the Invention
The present invention relates to authentication methods, authentication systems, and their tag devices, information referrer clients, authentication servers, information servers, and tag management servers; and relates to an authentication method and authentication system that make public the identification information of an object and perform authentication in referring, from the identification information, to the information of the object corresponding to the identification information, and its tag device, information referrer client, authentication server, information server, and tag management server.
2. Description of the Related Art
Radio frequency identification tags have attracted attention as one of the basic technologies that support a future ubiquitous society, and various methods of using them have been devised in SCM (Supply Chain Management) and other fields. However, since there is no scheme for managing the relationship between a radio frequency identification tag and its referrer, there are various possible security concerns with respect to radio frequency identification tags.
Techniques have been devised for preventing radio frequency identification tags from being read at random, such as localizing the communications between a radio frequency identification tag and a reader by encrypting the information of the radio frequency identification tag using a dedicated encryption method, covering a radio frequency identification tag with a special shield, and preventing a reader from reading a radio frequency identification tag by providing a special radio frequency identification tag called a blocker tag. However, these methods can only choose between disclosing and not disclosing, and cannot control disclosure of multiple radio frequency identification tags individually.
Providing a scheme for freely controlling disclosure of the information of a radio frequency identification tag at will by its current manager is the point of popularization in providing services using this type of radio frequency identification tag attached to a product.
Patent Document 1 describes a network information setting method that sets the attribute information of a communications terminal in a second server as an initial setting when the communications terminal gets connected to a control network to which a first server that stores key information and the second server that stores attribute information are connected, wherein key information necessary for secure communications with the second server is obtained from the first server, and the attribute information containing at least the identifier and network address of the communications terminal is transmitted to the second server through secure communications using the key information.
Patent Document 2 describes a processing information management system having an input terminal and a processing information management apparatus connected through a network, wherein the processing information management apparatus has the function of checking double registration at the time of database registration and the function of checking a match between an input and an output by comparing their weight values.    [Patent Document 1] Japanese Laid-Open Patent Application No. 2005-135032    [Patent Document 2] Japanese Laid-Open Patent Application No. 2003-345413
Possible security concerns in conventional art include the following: first, intentional information manipulation that attacks the absence of a check on whether a radio frequency identification tag is properly referred to, and an information confusing attack that notifies a server of the same ID simultaneously at multiple points; and secondly, information tracking (illegal reading) that attacks the globality of the radio frequency identification tag (the capability of any radio frequency identification tag reader with the same standard to read the information of any radio frequency identification tag).
A specific example of the first problem is as follows. In the case of assuming, for example, a farm produce production management system using radio frequency identification tags, an agricultural chemical used in the process of growing vegetables may be automatically added to the management history of the vegetables by collecting information from a radio frequency identification tag attached to the agricultural chemical. In the case of notifying a production management system of the information of the radio frequency identification tag attached to the agricultural chemical, however, unless a check is made on whether the radio frequency identification tag of the agricultural chemical has been referred to, it is possible to have false information registered by falsely transmitting the ID of, for example, an agricultural chemical with less adverse effect that has not been actually used. Similar examples include falsifying office attendance and receiving a special offer without purchasing a commodity.
A specific example of the second problem is as follows. In the case where an ordinary consumer carries a CD, a book, and a notebook in a bag, and radio frequency identification tags are attached to them for product management, so that the consumer can refer to brief product information with a radio frequency identification tag reader mounted in a cellular phone, if the coverage of these radio frequency identification tags is approximately 3 m, it is possible to collect information on objects within 3 m around in addition to her/his personal belongings. It is not difficult to identify the owner of an object in an environment where people are somewhat scattered, such as a coffee shop. The information items collectible from individual objects are not harmful themselves, but it is possible to guess various things by combining these information items.
For example, it is possible to guess a person's liking from CDs or books by knowing the title of a commodity, and it is possible to guess a person's affluence to some extent by knowing the manufacturer of a notebook or bag. A similar example may be the case of scanning the stock status of another shop.